Google turns to codeless tap factor authenticaton

Possible bug in screen lock requirement
Google has set up an easier two factor authentication system to allow staff to login with a tap instead of codes.
The Prompt feature is available to Google users and will allow them to sign into Mountain View services more easily than copying codes from its time-based Authentication app.

Users will need to apply a screen lock before Google will allow the one-tap verification to be activated.
Initial tests indicate that Prompt may still work if screen lock is activated for setup and later deactivated.
Users will be able to use the Prompt feature when setting up new devices or flashing new ROMs avoiding the need to have codes sent by insecure SMS.
The latter method is vulnerable to social engineering phone porting in which attackers use a victim’s personal information to request a mobile number be ported to one under their control.
This allows attackers to receive SMS two factor authentication codes.
The new sign-in screen

Google does not allow users to run Prompt alongside its Security Keys and requires devices be online.
Android users will need updated Google Play Services while iOS types will need to install Google Search app.
Yahoo was first with a similar service that sent prompts to user’s phones asking to approve login attempts. ®
Sponsored: Rise of the machines

CATEGORIES

Cyber Parse was created to provide knowledge to help everyone understand and deal with the ever increasing threats we all face by Cyber Crime (Malware, Social Engineering, Phishing and hacking).
Our purpose is to provide the right information to our readers by breaking down and communicating knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security, then using Risk Management practices to help translate the technical aspects of the Risks, Threats, Vulnerabilities and controls to reduce the risk into business language.